Iran’s national CERT, Maher, has issued a warning about a new targeted data wiping trojan able to “wipe disk partitions and user profile directories without being recognized by anti-virus software.”
The dropper file is GrooveMonitor.exe, likely named as a disguise after the Office collaboration feature called Microsoft Office Groove. Maher describes the malware as “targeted” but gives no information on the possible targets or the method of infection. The dropper name may suggest that targets are specific teams collaborating on particular work or research, and, as Roel Schouwenberg, a security expert with Kaspersky Lab, comments, “the era of cyber-sabotage has arrived. Be prepared.”
The malware itself is simple but effective. It shows no similarity to the sophistication of the probably state-sponsored malware that has attacked Iran, such as Stuxnet, Flame and the more formidable original Wiper. Nevertheless, it is effective in wiping drives D to I and the user’s desktop.
New Wiper Malware in Iran Confirms the Age of Cyber-sabotage | DFI News.